SQL Injection Vulnerabilities in Dairy Farm Shop Management System by MATRIXDEVIL
CVE-2023-41594

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Dairy Farm Shop Management System
Vendor: CVE Published:; 8 September 2023

Summary

The Dairy Farm Shop Management System, built with PHP and MySQL, has been found to exhibit significant SQL injection vulnerabilities specifically within its Login functionality. This occurs when malicious users can manipulate the Username and Password input fields to execute arbitrary SQL code, potentially compromising the system's database integrity and exposing sensitive information. As attackers exploit these vulnerabilities, it becomes crucial for users to implement security best practices and apply necessary patches to safeguard their applications.

References

https://portswigger.net/web-security/sql-injection

https://www.acunetix.com/vulnerabilities/web/sql-injection/

https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 8, 2023
Vulnerability Reserved
Aug 30, 2023

Collectors

NVD DatabaseMitre Database